[BUG] AzureCliCredential - Misleading error message when blocked because of conditional access policy #29109

Closed
asanjabi opened this issue Jun 3, 2022 · 1 comment · Fixed by #31949
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

asanjabi commented Jun 3, 2022

Library name and version

Azure.Identity 1.6

Describe the bug

If retrieving a token is blocked by a conditional access policy, the error message provided to the user ("Please run 'az login' to set up account") is misleading. In my case, I can reproduce this running in a Docker container and using the scope "https://database.windows.net"; running the equivalent CLI command produces the following error message:

: az account get-access-token --output json --resource https://database.windows.net
AADSTS50005: User tried to log in to a device from a platform (Unknown) that's currently not supported through Conditional Access policy. Supported device platforms are: iOS, Android, Mac, and Windows flavors.
Trace ID: c5188e27-f425-45a3-97ba-770db9cc3e00
Correlation ID: 52fa0a7c-384c-4f38-8138-992023c79a9f
Timestamp: 2022-06-03 22:26:04Z
To re-authenticate, please run:
az login --scope https://database.windows.net/.default

The last line matches the logged-in check in the code.

Expected behavior

Better error message to help user diagnose the problem.

Actual behavior

Exception text says "Please run 'az login' to set up account"
See bug description

Reproduction Steps

Environment dependent.
Try getting a token that is blocked by a conditional access policy.

Environment

In my scenario:
Image: mcr.microsoft.com/dotnet/aspnet:6.0
Azure.Identity 1.6
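
The ambiguity reported above, as an added example that is not part of the original issue and is not Azure.Identity source code: a stderr classifier that looks for an `AADSTS` service error code before falling back to the `az login` hint. The type and member names are hypothetical, and the substring check is an assumed stand-in for the library's logged-in check, which the page does not show.

```csharp
using System;
using System.Text.RegularExpressions;

// Added illustration; all names here are hypothetical.
public enum AzCliFailure { NotLoggedIn, ServiceError, Unknown }

public static class AzCliErrorClassifier
{
    // Azure AD service errors start a line with an AADSTS<digits> code.
    private static readonly Regex AadstsCode =
        new Regex(@"^\s*(AADSTS\d+):\s*(.+)$", RegexOptions.Multiline);

    // Assumed shape of a "not logged in" check: substring match on the login hint.
    private static bool HasLoginHint(string stderr) =>
        stderr.IndexOf("az login", StringComparison.OrdinalIgnoreCase) >= 0;

    public static (AzCliFailure Kind, string Message) Classify(string stderr)
    {
        // Test for a service error code first: the CLI appends an "az login"
        // hint to these errors as well, so the hint alone is ambiguous.
        Match m = AadstsCode.Match(stderr);
        if (m.Success)
            return (AzCliFailure.ServiceError,
                    $"{m.Groups[1].Value}: {m.Groups[2].Value.Trim()}");

        if (HasLoginHint(stderr))
            return (AzCliFailure.NotLoggedIn, "Please run 'az login' to set up account");

        return (AzCliFailure.Unknown, stderr.Trim());
    }

    public static void Main()
    {
        // First, second-to-last and last lines of the CLI output quoted in the issue.
        string blocked =
            "AADSTS50005: User tried to log in to a device from a platform (Unknown) " +
            "that's currently not supported through Conditional Access policy. " +
            "Supported device platforms are: iOS, Android, Mac, and Windows flavors.\n" +
            "To re-authenticate, please run:\n" +
            "az login --scope https://database.windows.net/.default\n";
        // Constructed sample: a CLI with no signed-in account.
        string loggedOut = "Please run 'az login' to set up account.\n";

        Console.WriteLine(Classify(blocked).Kind);
        Console.WriteLine(Classify(blocked).Message);
        Console.WriteLine(Classify(loggedOut).Kind);
    }
}
```

Checking the hint first would put both samples in the `NotLoggedIn` bucket, which is the behavior the issue describes.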


jsquire commented Jun 4, 2022

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@github-actions github-actions bot locked and limited conversation to collaborators Mar 25, 2023